Barretenberg: src/barretenberg/flavor/ultra_keccak_zk_flavor.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }

// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }

// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }

// =====================


#pragma once


#include "barretenberg/common/assert.hpp"

#include "barretenberg/flavor/ultra_keccak_flavor.hpp"


namespace bb {


class UltraKeccakZKFlavor : public UltraKeccakFlavor {

  public:

    // This flavor runs with ZK Sumcheck

    static constexpr bool HasZK = true;

    // Determine the number of evaluations of Prover and Libra Polynomials that the Prover sends to the Verifier in

    // the rounds of ZK Sumcheck.

    static constexpr size_t BATCHED_RELATION_PARTIAL_LENGTH = UltraKeccakFlavor::BATCHED_RELATION_PARTIAL_LENGTH + 1;

    static_assert(BATCHED_RELATION_PARTIAL_LENGTH == Curve::LIBRA_UNIVARIATES_LENGTH,

                  "LIBRA_UNIVARIATES_LENGTH must be equal to UltraKeccakZKFlavor::BATCHED_RELATION_PARTIAL_LENGTH");


    // Proof length formula method


    static constexpr size_t PROOF_LENGTH_WITHOUT_PUB_INPUTS(size_t virtual_log_n = VIRTUAL_LOG_N)

    {

        return /* 1. NUM_WITNESS_ENTITIES commitments */ (NUM_WITNESS_ENTITIES * num_elements_comm) +

               /* 2. Libra concatenation commitment*/ (num_elements_comm) +

               /* 3. Libra sum */ (num_elements_fr) +

               /* 4. virtual_log_n sumcheck univariates */

               (virtual_log_n * BATCHED_RELATION_PARTIAL_LENGTH * num_elements_fr) +

               /* 5. NUM_ALL_ENTITIES sumcheck evaluations*/ (NUM_ALL_ENTITIES * num_elements_fr) +

               /* 6. Libra claimed evaluation */ (num_elements_fr) +

               /* 7. Libra grand sum commitment */ (num_elements_comm) +

               /* 8. Libra quotient commitment */ (num_elements_comm) +

               /* 9. Gemini masking commitment */ (num_elements_comm) +

               /* 10. Gemini masking evaluation */ (num_elements_fr) +

               /* 11. virtual_log_n - 1 Gemini Fold commitments */

               ((virtual_log_n - 1) * num_elements_comm) +

               /* 12. virtual_log_n Gemini a evaluations */

               (virtual_log_n * num_elements_fr) +

               /* 13. NUM_SMALL_IPA_EVALUATIONS libra evals */ (NUM_SMALL_IPA_EVALUATIONS * num_elements_fr) +

               /* 14. Shplonk Q commitment */ (num_elements_comm) +

               /* 15. KZG W commitment */ (num_elements_comm);

    }


    class Transcript : public UltraKeccakFlavor::Transcript {

      public:

        using Base = UltraKeccakFlavor::Transcript::Base;

        // Note: we have a different vector of univariates because the degree for ZK flavors differs

        std::vector<bb::Univariate<FF, BATCHED_RELATION_PARTIAL_LENGTH>> zk_sumcheck_univariates;

        Commitment libra_concatenation_commitment;

        FF libra_sum;

        FF libra_claimed_evaluation;

        Commitment libra_grand_sum_commitment;

        Commitment libra_quotient_commitment;

        FF libra_concatenation_eval;

        FF libra_shifted_grand_sum_eval;

        FF libra_grand_sum_eval;

        FF libra_quotient_eval;

        Commitment hiding_polynomial_commitment;

        FF hiding_polynomial_eval;


        Transcript() = default;


        static std::shared_ptr<Transcript> prover_init_empty()

        {

            auto transcript = Base::prover_init_empty();

            return std::static_pointer_cast<Transcript>(transcript);

        };


        static std::shared_ptr<Transcript> verifier_init_empty(const std::shared_ptr<Transcript>& transcript)

        {

            auto verifier_transcript = Base::verifier_init_empty(transcript);

            return std::static_pointer_cast<Transcript>(verifier_transcript);

        };


        void deserialize_full_transcript(size_t public_input_size, size_t virtual_log_n = VIRTUAL_LOG_N)

        {

            // take current proof and put them into the struct

            size_t num_frs_read = 0;

            auto& proof_data = this->proof_data;

            for (size_t i = 0; i < public_input_size; ++i) {

                this->public_inputs.push_back(Base::template deserialize_from_buffer<FF>(proof_data, num_frs_read));

            }

            this->w_l_comm = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);

            this->w_r_comm = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);

            this->w_o_comm = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);

            this->lookup_read_counts_comm =

                Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);

            this->lookup_read_tags_comm = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);

            this->w_4_comm = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);

            this->lookup_inverses_comm = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);

            this->z_perm_comm = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);

            libra_concatenation_commitment =

                Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);

            libra_sum = Base::template deserialize_from_buffer<FF>(proof_data, num_frs_read);


            for (size_t i = 0; i < virtual_log_n; ++i) {

                zk_sumcheck_univariates.push_back(

                    Base::template deserialize_from_buffer<bb::Univariate<FF, BATCHED_RELATION_PARTIAL_LENGTH>>(

                        proof_data, num_frs_read));

            }

            libra_claimed_evaluation = Base::template deserialize_from_buffer<FF>(proof_data, num_frs_read);

            this->sumcheck_evaluations =

                Base::template deserialize_from_buffer<std::array<FF, NUM_ALL_ENTITIES>>(proof_data, num_frs_read);

            libra_grand_sum_commitment = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);

            libra_quotient_commitment = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);

            hiding_polynomial_commitment = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);

            hiding_polynomial_eval = Base::template deserialize_from_buffer<FF>(proof_data, num_frs_read);

            for (size_t i = 0; i < virtual_log_n - 1; ++i) {

                this->gemini_fold_comms.push_back(

                    Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read));

            }

            for (size_t i = 0; i < virtual_log_n; ++i) {

                this->gemini_fold_evals.push_back(Base::template deserialize_from_buffer<FF>(proof_data, num_frs_read));

            }

            libra_concatenation_eval = Base::template deserialize_from_buffer<FF>(proof_data, num_frs_read);

            libra_shifted_grand_sum_eval = Base::template deserialize_from_buffer<FF>(proof_data, num_frs_read);

            libra_grand_sum_eval = Base::template deserialize_from_buffer<FF>(proof_data, num_frs_read);

            libra_quotient_eval = Base::template deserialize_from_buffer<FF>(proof_data, num_frs_read);

            this->shplonk_q_comm = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);


            this->kzg_w_comm = Base::template deserialize_from_buffer<Commitment>(proof_data, num_frs_read);

        }


        void serialize_full_transcript(size_t virtual_log_n = VIRTUAL_LOG_N)

        {

            auto& proof_data = this->proof_data;

            size_t old_proof_length = proof_data.size();

            proof_data.clear(); // clear proof_data so the rest of the function can replace it

            for (const auto& public_input : this->public_inputs) {

                Base::serialize_to_buffer(public_input, proof_data);

            }

            Base::serialize_to_buffer(this->w_l_comm, proof_data);

            Base::serialize_to_buffer(this->w_r_comm, proof_data);

            Base::serialize_to_buffer(this->w_o_comm, proof_data);

            Base::serialize_to_buffer(this->lookup_read_counts_comm, proof_data);

            Base::serialize_to_buffer(this->lookup_read_tags_comm, proof_data);

            Base::serialize_to_buffer(this->w_4_comm, proof_data);

            Base::serialize_to_buffer(this->lookup_inverses_comm, proof_data);

            Base::serialize_to_buffer(this->z_perm_comm, proof_data);

            Base::serialize_to_buffer(libra_concatenation_commitment, proof_data);

            Base::serialize_to_buffer(libra_sum, proof_data);


            for (size_t i = 0; i < virtual_log_n; ++i) {

                Base::serialize_to_buffer(zk_sumcheck_univariates[i], proof_data);

            }

            Base::serialize_to_buffer(libra_claimed_evaluation, proof_data);


            Base::serialize_to_buffer(this->sumcheck_evaluations, proof_data);

            Base::serialize_to_buffer(libra_grand_sum_commitment, proof_data);

            Base::serialize_to_buffer(libra_quotient_commitment, proof_data);

            Base::serialize_to_buffer(hiding_polynomial_commitment, proof_data);

            Base::serialize_to_buffer(hiding_polynomial_eval, proof_data);

            for (size_t i = 0; i < virtual_log_n - 1; ++i) {

                Base::serialize_to_buffer(this->gemini_fold_comms[i], proof_data);

            }

            for (size_t i = 0; i < virtual_log_n; ++i) {

                Base::serialize_to_buffer(this->gemini_fold_evals[i], proof_data);

            }

            Base::serialize_to_buffer(libra_concatenation_eval, proof_data);

            Base::serialize_to_buffer(libra_shifted_grand_sum_eval, proof_data);

            Base::serialize_to_buffer(libra_grand_sum_eval, proof_data);

            Base::serialize_to_buffer(libra_quotient_eval, proof_data);

            Base::serialize_to_buffer(this->shplonk_q_comm, proof_data);

            Base::serialize_to_buffer(this->kzg_w_comm, proof_data);


            BB_ASSERT_EQ(proof_data.size(), old_proof_length);

        }


    };


};


} // namespace bb

assert.hpp

BB_ASSERT_EQ
#define BB_ASSERT_EQ(actual, expected,...)
Definition assert.hpp:59

bb::BaseTranscript< Params >

bb::BaseTranscript< Params >::serialize_to_buffer
void serialize_to_buffer(const T &element, Proof &proof_data)
Serializes object and appends it to proof_data.
Definition transcript.hpp:275

bb::BaseTranscript< Params >::verifier_init_empty
static std::shared_ptr< BaseTranscript > verifier_init_empty(const std::shared_ptr< BaseTranscript > &transcript)
For testing: initializes transcript based on proof data then receives junk data produced by BaseTrans...
Definition transcript.hpp:668

bb::BaseTranscript< Params >::prover_init_empty
static std::shared_ptr< BaseTranscript > prover_init_empty()
For testing: initializes transcript with some arbitrary data so that a challenge can be generated aft...
Definition transcript.hpp:653

bb::UltraFlavor::Transcript_::Base
BaseTranscript< Params > Base
Definition ultra_flavor.hpp:351

bb::UltraFlavor::BATCHED_RELATION_PARTIAL_LENGTH
static constexpr size_t BATCHED_RELATION_PARTIAL_LENGTH
Definition ultra_flavor.hpp:107

bb::UltraFlavor::Commitment
Curve::AffineElement Commitment
Definition ultra_flavor.hpp:41

bb::UltraFlavor::VIRTUAL_LOG_N
static constexpr size_t VIRTUAL_LOG_N
Definition ultra_flavor.hpp:47

bb::UltraFlavor::NUM_ALL_ENTITIES
static constexpr size_t NUM_ALL_ENTITIES
Definition ultra_flavor.hpp:60

bb::UltraFlavor::NUM_WITNESS_ENTITIES
static constexpr size_t NUM_WITNESS_ENTITIES
Definition ultra_flavor.hpp:65

bb::UltraKeccakFlavor
Definition ultra_keccak_flavor.hpp:33

bb::UltraKeccakFlavor::num_elements_comm
static constexpr size_t num_elements_comm
Definition ultra_keccak_flavor.hpp:40

bb::UltraKeccakFlavor::num_elements_fr
static constexpr size_t num_elements_fr
Definition ultra_keccak_flavor.hpp:41

bb::UltraKeccakFlavor::Transcript
UltraKeccakFlavor::Transcript_< KeccakTranscriptParams > Transcript
Definition ultra_keccak_flavor.hpp:35

bb::UltraKeccakZKFlavor::Transcript
Derived class that defines proof structure for Ultra zero knowledge proofs, as well as supporting fun...
Definition ultra_keccak_zk_flavor.hpp:52

bb::UltraKeccakZKFlavor::Transcript::libra_sum
FF libra_sum
Definition ultra_keccak_zk_flavor.hpp:58

bb::UltraKeccakZKFlavor::Transcript::libra_quotient_eval
FF libra_quotient_eval
Definition ultra_keccak_zk_flavor.hpp:65

bb::UltraKeccakZKFlavor::Transcript::deserialize_full_transcript
void deserialize_full_transcript(size_t public_input_size, size_t virtual_log_n=VIRTUAL_LOG_N)
Takes a FULL Ultra proof and deserializes it into the public member variables that compose the struct...
Definition ultra_keccak_zk_flavor.hpp:89

bb::UltraKeccakZKFlavor::Transcript::libra_shifted_grand_sum_eval
FF libra_shifted_grand_sum_eval
Definition ultra_keccak_zk_flavor.hpp:63

bb::UltraKeccakZKFlavor::Transcript::verifier_init_empty
static std::shared_ptr< Transcript > verifier_init_empty(const std::shared_ptr< Transcript > &transcript)
Definition ultra_keccak_zk_flavor.hpp:77

bb::UltraKeccakZKFlavor::Transcript::hiding_polynomial_eval
FF hiding_polynomial_eval
Definition ultra_keccak_zk_flavor.hpp:67

bb::UltraKeccakZKFlavor::Transcript::libra_concatenation_eval
FF libra_concatenation_eval
Definition ultra_keccak_zk_flavor.hpp:62

bb::UltraKeccakZKFlavor::Transcript::Transcript
Transcript()=default

bb::UltraKeccakZKFlavor::Transcript::hiding_polynomial_commitment
Commitment hiding_polynomial_commitment
Definition ultra_keccak_zk_flavor.hpp:66

bb::UltraKeccakZKFlavor::Transcript::libra_grand_sum_eval
FF libra_grand_sum_eval
Definition ultra_keccak_zk_flavor.hpp:64

bb::UltraKeccakZKFlavor::Transcript::libra_claimed_evaluation
FF libra_claimed_evaluation
Definition ultra_keccak_zk_flavor.hpp:59

bb::UltraKeccakZKFlavor::Transcript::prover_init_empty
static std::shared_ptr< Transcript > prover_init_empty()
Definition ultra_keccak_zk_flavor.hpp:71

bb::UltraKeccakZKFlavor::Transcript::zk_sumcheck_univariates
std::vector< bb::Univariate< FF, BATCHED_RELATION_PARTIAL_LENGTH > > zk_sumcheck_univariates
Definition ultra_keccak_zk_flavor.hpp:56

bb::UltraKeccakZKFlavor::Transcript::serialize_full_transcript
void serialize_full_transcript(size_t virtual_log_n=VIRTUAL_LOG_N)
Serializes the structure variables into a FULL Ultra proof. Should be called only if deserialize_full...
Definition ultra_keccak_zk_flavor.hpp:144

bb::UltraKeccakZKFlavor::Transcript::libra_concatenation_commitment
Commitment libra_concatenation_commitment
Definition ultra_keccak_zk_flavor.hpp:57

bb::UltraKeccakZKFlavor::Transcript::libra_grand_sum_commitment
Commitment libra_grand_sum_commitment
Definition ultra_keccak_zk_flavor.hpp:60

bb::UltraKeccakZKFlavor::Transcript::libra_quotient_commitment
Commitment libra_quotient_commitment
Definition ultra_keccak_zk_flavor.hpp:61

bb::UltraKeccakZKFlavor
Definition ultra_keccak_zk_flavor.hpp:14

bb::UltraKeccakZKFlavor::HasZK
static constexpr bool HasZK
Definition ultra_keccak_zk_flavor.hpp:17

bb::UltraKeccakZKFlavor::PROOF_LENGTH_WITHOUT_PUB_INPUTS
static constexpr size_t PROOF_LENGTH_WITHOUT_PUB_INPUTS(size_t virtual_log_n=VIRTUAL_LOG_N)
Definition ultra_keccak_zk_flavor.hpp:25

bb::UltraKeccakZKFlavor::BATCHED_RELATION_PARTIAL_LENGTH
static constexpr size_t BATCHED_RELATION_PARTIAL_LENGTH
Definition ultra_keccak_zk_flavor.hpp:20

bb::Univariate
A univariate polynomial represented by its values on {domain_start, domain_start + 1,...
Definition univariate.hpp:35

bb::curve::Grumpkin::LIBRA_UNIVARIATES_LENGTH
static constexpr uint32_t LIBRA_UNIVARIATES_LENGTH
Definition grumpkin.hpp:79

bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6

bb::FF
typename Flavor::FF FF
Definition protogalaxy.bench.cpp:16

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

ultra_keccak_flavor.hpp